HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
What is HIPAA? HIPAA refers to the Health Insurance Portability and Accountability Act of 1996 One of the primary objectives of HIPAA is to protect personal medical information
HIPAA Overview All HIPAA-covered entities, including health plans and healthcare providers, are regulated and covered by HIPAA laws February 18, 2010, was the date for required compliance by business associates of these entities with HIPAA requirements Business associates are subject to direct liability by regulation as of September 23, 2013 The definition of a “breach” of protected health information as of September 23, 2013 was broadened to have more limited exclusions
Why HIPAA? HIPAA information is sensitive and should be kept confidential because it can be misused and exploited by others for identity theft or fraud. An entity needs to meet all applicable HIPAA requirements
HIPAA LAWS HAVE TWO MAIN PURPOSES: To protect personal privacy To prevent crime HIPAA PRIVACY AND SECURITY RULES ARE ENFORCED BY THE OFFICE FOR CIVIL RIGHTS (OCR) PART OF DEPARTMENT OF HEALTH AND HUMAN SERVICE (HHS) HIPAA Compliance
Disclosing PHI – A Serious Offense When someone’s Protected Health Information (PHI) is disclosed, it becomes a serious offense The most severe fine imposed for HIPAA violations includes $50,000 per violation Maximum of $1.5 million-per-year for violations of an identical provision, as well as imprisonment
HIPAA Security Rule HIPAA’s security rule mainly deals with electronic Protected Health Information (ePHI) in any electronic or digital form Disclosure of someone’s PHI requires a HIPAA authorization (a “release”) A limited amount of information of PHI disclosure to family and friends may be permitted in certain circumstances Disclosure of someone’s own PHI to that individual and disclosure for treatment does not require minimum necessary filtering
Disclosure for Treatment HIPAA minimum necessary rules do not apply to uses and disclosure for treatment Many individuals expect that their health information will be used and disclosed as necessary to treat them, bill for treatment, and, to some extent, operate the covered entity’s healthcare business
Disclosure for Treatment To avoid interfering with an individual’s access to quality health care or the efficient payment for such health care, the Privacy Rule permits a covered entity to use and disclose protected health information, with certain limits and protections, for treatment, payment, and healthcare operations activities Most disclosures for treatment, payment and healthcare operations do not require an authorization
ING OF CERTAIN INFORMATION AND PROTECTED HEALTH INFORMATION IS GENERALLY NOT PERMITTED. IF IT IS PERMITTED BY THE CARRIER, ALL S THAT CONTAIN CONFIDENTIAL INFORMATION OR PROTECTED HEALTH INFORMATION MUST BE ENCRYPTED. HIPAA and
ELECTRONIC COMMUNICATIONS OF PROTECTED HEALTH INFORMATION, TO THE EXTENT PERMITTED BY THE COMPANY, REQUIRE APPLICATION OF REASONABLE SAFEGUARDS AND ADEQUATE PROTECTIONS AGAINST INAPPROPRIATE USE OR DISCLOSURE HIPAA and Electronic Communications
Reporting a Potential Privacy Breach Anonymous reporting may be made through the Toll-Free Hotline provided by the Company’s Third Party Hotline Service: Taylor White Accounting and Finance (888) , or Reporting may also be made to the Company’s Privacy Officer.
THANK YOU
FOR AGENT USE ONLY. NOT FOR USE WITH CONSUMERS. CERTAIN EXCLUSIONS AND LIMITATIONS MAY APPLY. NOT AFFILIATED WITH THE UNITED STATES GOVERNMENT OR THE FEDERAL MEDICARE PROGRAM. THE CONTENT OF THIS PRESENTATION REFLECTS THE OPINION OF THE PRESENTER AND NOT NECESSARILY THE OPINION OF ANY ENTITY WITH WHICH THE PRESENTER HAS A BUSINESS RELATIONSHIP. THIS INFORMATION IS PROVIDED FOR EDUCATIONAL PURPOSES. THE ONGOING IMPLEMENTATION OF LAWS, RULES, AND REGULATIONS MAY CALL FOR INFORMATION IN THIS PRESENTATION TO BE REVISED. NEITHER THE PRESENTER, NOR ANY ENTITY WITH WHICH THE PRESENTER MAY BE AFFILIATED, CONTRACTED, OR EMPLOYED, PROVIDE TAX, INVESTMENT, OR LEGAL ADVICE.